An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/advisory/FG-IR-20-005 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2020-09-24T13:36:12
Updated: 2024-08-04T12:04:22.888Z
Reserved: 2020-05-12T00:00:00
Link: CVE-2020-12811
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-09-24T18:15:16.887
Modified: 2020-09-30T19:18:09.800
Link: CVE-2020-12811
Redhat
No data.